
Duplicate Post

by WordPress

CVEs (8)

  • CVE-2014-10379 | Critical | Aug 21, 2019
    risk 0.64 | CVSS 9.8 | EPSS 0.02

    The duplicate-post plugin before 2.6 for WordPress has SQL injection.

  • CVE-2021-43408 | Medium | Nov 19, 2021
    risk 0.43 | CVSS 6.5 | EPSS 0.10

    The "Duplicate Post" WordPress plugin up to and including version 1.1.9 is vulnerable to SQL injection. SQL injection vulnerabilities occur when client-supplied data is included within an SQL query insecurely. SQL injection can typically be exploited to read, modify and delete…

  • CVE-2014-10378 | Medium | Aug 21, 2019
    risk 0.40 | CVSS 6.1 | EPSS 0.01

    The duplicate-post plugin before 2.6 for WordPress has XSS.

  • CVE-2019-25314 | Medium | Feb 11, 2026
    risk 0.36 | CVSS 5.5 | EPSS 0.00

    Yoast Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin…

  • CVE-2026-53740 | Medium | Jun 10, 2026
    risk 0.35 | CVSS 5.4 | EPSS 0.00

    Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to execute script when an administrator views the resulting notice.

  • CVE-2026-1217 | Medium | Mar 18, 2026
    risk 0.35 | CVSS 5.4 | EPSS 0.00

    The Yoast Duplicate Post plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clone_bulk_action_handler() and republish_request() functions in all versions up to, and including, 4.5. This makes it possible for…

  • CVE-2026-53739 | Medium | Jun 10, 2026
    risk 0.28 | CVSS 4.3 | EPSS 0.00

    Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicate_post_dismiss_notice handler, which verifies no nonce or capability. Attackers can trick any authenticated user into sending a request that sets the duplicate_post_show_notice…

  • CVE-2026-2301 | Medium | Feb 25, 2026
    risk 0.28 | CVSS 4.3 | EPSS 0.00

    The Post Duplicator plugin for WordPress is vulnerable to unauthorized arbitrary protected post meta insertion in all versions up to, and including, 3.0.8. This is due to the `duplicate_post()` function in `includes/api.php` using `$wpdb->insert()` directly to the `wp_postmeta`…